From 3925137c39bb70b9951bd612b2e86b9a317e367c Mon Sep 17 00:00:00 2001
From: Robert Ancell
Date: Wed, 29 Aug 2018 16:13:16 +1200
Subject: [PATCH] Fix potential buffer underflow and inefficient copy using fnmatch.

If length was zero we could check the -1 index. A nul was always added because we only used the length of the string, not the buffer (i.e. off by one). Also remove a check for a negative number from an unsigned number.
---
 libappstream-glib/as-app.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libappstream-glib/as-app.c b/libappstream-glib/as-app.c
index f84011ce..7f0cd455 100644
--- a/libappstream-glib/as-app.c
+++ b/libappstream-glib/as-app.c
@@ -6208,7 +6208,7 @@ as_app_parse_appdata_guess_project_group (AsApp *app)
 static int
 as_utils_fnmatch (const gchar *pattern, const gchar *text, gsize text_sz, gint flags)
 {
- if (text_sz != -1 && text[text_sz-1] != '\0') {
+ if (text_sz > 0 && text[text_sz-1] != '\0') {
 g_autofree gchar *text_with_nul = g_strndup (text, text_sz);
 return fnmatch (pattern, text_with_nul, flags);
 }
@@ -6323,7 +6323,7 @@ as_app_parse_appdata_file (AsApp *app,
 filename, error_local->message);
 return FALSE;
 }
- data = g_bytes_new_take (g_steal_pointer (&data_raw), len);
+ data = g_bytes_new_take (g_steal_pointer (&data_raw), len + 1);
 if (!as_app_parse_data (app, data, flags, &error_local)) {
 g_set_error (error,
 AS_APP_ERROR,
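Review bot: In as_utils_fnmatch, the new `text_sz > 0` guard stops the `text[text_sz-1]` read at index -1, but a zero-length input now skips the NUL-terminated copy and falls through to whatever follows the `if`, which is outside this hunk. If that path hands `text` directly to fnmatch(), an empty buffer that is NULL or unterminated would be read as a C string; an explicit `if (text_sz == 0) return fnmatch (pattern, "", flags);` ahead of the check would close that. Separately, the old `text_sz != -1` compared against G_MAXSIZE after conversion, so it may have served as a "text is already NUL-terminated" sentinel. Any caller still passing -1 would now index `text[G_MAXSIZE-1]`, so the call sites are worth confirming.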
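Review bot: The `len + 1` passed to g_bytes_new_take() is only safe if the allocation behind `data_raw` really holds a terminating NUL one byte past `len`. The call that fills it is outside this hunk, so that guarantee is not visible here and should be stated next to the line, e.g. `/* data_raw is NUL-terminated by the loader; include the terminator so as_utils_fnmatch() need not copy */`. It also means g_bytes_get_size() on `data` now counts the terminator, so any consumer in as_app_parse_data() that treats the size as content length (a parser or a bounded search) would see one extra `\0` byte. as_app_parse_appdata_file starts and ends outside the hunk.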